heap: Add safe stack support for stack containment checks

Stack containment checks for slots should consider safe stacks when they are enabled. Bug: v8:11933, v8:12165 Change-Id: I2e2c8539c3c0a2dd795f87781ecb2942e059accc Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3250642 Auto-Submit: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Omer Katz <omerkatz@chromium.org> Reviewed-by: Omer Katz <omerkatz@chromium.org> Cr-Commit-Position: refs/heads/main@{#77601}

heap: Add safe stack support for stack containment checks
Stack containment checks for slots should consider safe stacks when they are enabled. Bug: v8:11933, v8:12165 Change-Id: I2e2c8539c3c0a2dd795f87781ecb2942e059accc Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3250642 Auto-Submit: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Omer Katz <omerkatz@chromium.org> Reviewed-by: Omer Katz <omerkatz@chromium.org> Cr-Commit-Position: refs/heads/main@{#77601}
6f66a832 · Michael Lippautz · V8 LUCI CQ · 88823c8c · 6f66a832 · 6f66a832
Commit 6f66a832 authored Oct 28, 2021 by Michael Lippautz Committed by V8 LUCI CQ Oct 28, 2021
Hide whitespace changes
Inline Side-by-side

Showing with 15 additions and 6 deletions

global-handles.cc src/handles/global-handles.cc +6 -0

stack.cc src/heap/base/stack.cc +9 -4

unified-heap-unittest.cc test/unittests/heap/unified-heap-unittest.cc +0 -2

No files found.
--- a/src/handles/global-handles.cc
+++ b/src/handles/global-handles.cc
@@ -802,6 +802,12 @@ bool GlobalHandles::OnStackTracedNodeSpace::IsOnStack(uintptr_t slot) const {
    return true;
  }
 #endif  // V8_USE_ADDRESS_SANITIZER
+#if __has_feature(safe_stack)
+  if (reinterpret_cast<uintptr_t>(__builtin___get_unsafe_stack_top()) >= slot &&
+      slot > reinterpret_cast<uintptr_t>(__builtin___get_unsafe_stack_ptr())) {
+    return true;
+  }
+#endif  // __has_feature(safe_stack)
  return stack_start_ >= slot && slot > base::Stack::GetCurrentStackPosition();
 }


--- a/src/heap/base/stack.cc
+++ b/src/heap/base/stack.cc
@@ -24,15 +24,20 @@ Stack::Stack(const void* stack_start) : stack_start_(stack_start) {}
 bool Stack::IsOnStack(void* slot) const {
 #ifdef V8_USE_ADDRESS_SANITIZER
  // If the slot is part of a fake frame, then it is definitely on the stack.
-  void* real_frame = __asan_addr_is_in_fake_stack(
-      __asan_get_current_fake_stack(), reinterpret_cast<void*>(slot), nullptr,
-      nullptr);
-  if (real_frame) {
+  if (__asan_addr_is_in_fake_stack(__asan_get_current_fake_stack(),
+                                   reinterpret_cast<void*>(slot), nullptr,
+                                   nullptr)) {
    return true;
  }
  // Fall through as there is still a regular stack present even when running
  // with ASAN fake stacks.
 #endif  // V8_USE_ADDRESS_SANITIZER
+#if __has_feature(safe_stack)
+  if (__builtin___get_unsafe_stack_top() >= slot &&
+      slot > __builtin___get_unsafe_stack_ptr()) {
+    return true;
+  }
+#endif  // __has_feature(safe_stack)
  return v8::base::Stack::GetCurrentStackPosition() <= slot &&
         slot <= stack_start_;
 }

--- a/test/unittests/heap/unified-heap-unittest.cc
+++ b/test/unittests/heap/unified-heap-unittest.cc
@@ -175,7 +175,6 @@ TEST_F(UnifiedHeapTest, FreeUnreferencedDuringNoGcScope) {
 }
 #endif  // DEBUG

-#if !V8_OS_FUCHSIA
 TEST_F(UnifiedHeapTest, TracedReferenceRetainsFromStack) {
  v8::HandleScope handle_scope(v8_isolate());
  v8::Local<v8::Context> context = v8::Context::New(v8_isolate());
@@ -191,7 +190,6 @@ TEST_F(UnifiedHeapTest, TracedReferenceRetainsFromStack) {
  auto local = holder.Get(v8_isolate());
  EXPECT_TRUE(local->IsObject());
 }
-#endif  // !V8_OS_FUCHSIA

 TEST_F(UnifiedHeapDetachedTest, AllocationBeforeConfigureHeap) {
  auto heap = v8::CppHeap::Create(